(54) Method and apparatus for performing authentication for roaming between different mobile communication systems



(57) A method and apparatus for permitting global roaming between two communication networks which utilize different authentication schemes. The authentication interoperability function (AIF) and method translate between the authentication schemes of each network, for example, a triplet-based network and a shared secret data (SSD) network. When a user from a network that natively uses SSD authentication roams into a triplet-based network, the authentication interoperability function produces triplets from the current SSD. When a triplet user roams into an SSD network, the AIF produces SSD from the triplet.
Description

Field of the Invention 

[0001] The present invention relates to authentication of users in a communication system, and more particularly to the authentication of users in a wireless network as the user roams between two communication systems with differing authentication schemes.

Description of the Related Art 

[0002] There are currently different communication standards utilized in the U.S., Europe, and Japan. The U.S. currently utilizes three major systems, with differing standards. The first system is a time division multiple access system (TDMA) and is governed by IS-136, the second system is a code division multiple access (CDMA) system governed by IS-95, and the third is the Advanced Mobile Phone System (AMPS). All three communication systems use the IS-41 standard for intersystem messaging, which defines the authentication procedure.

[0003] In TDMA, users share a frequency band; each user's speech is stored, compressed and transmitted as a quick packet, using controlled time slots to distinguish them, hence the phrase "time division". At the receiver, the packet is decompressed. In the IS-136 protocol, three users share a given channel.

[0004] Traditional systems transmit a single strong signal, perhaps intermittently, on a narrow band. In contrast, CDMA works in reverse, sending a weak but very broadband signal. A unique code "spreads" the signal across a wide area of the spectrum (hence the alternative name, spread spectrum), and the receiver uses the same code to recover the signal from the noise. A very robust and secure channel can be established, even for an extremely low-power signal; theoretically, the signal can be weaker than the noise floor. Further, by using different codes, a number of different channels can simultaneously share the same spectrum without interfering with each other.

[0005] The AMPS system is an analog system.

[0006] Europe utilizes the Global System for Mobiles (GSM) network as defined by the European Telecommunications Standards Institute (ETSI). GSM now has the support of 80 operators in over 40 countries, including countries outside of Europe. GSM is a TDMA standard, with 8 users per channel. The speech is taken in 20 msec windows, which are sampled, processed, and compressed.

[0007] GSM is transmitted on a 900 MHz carrier. There is an alternative system operating at 1.8 GHz (DCS 1800), which provides additional capacity and is often viewed as more of a personal communication system (PCS) than a cellular system. In a similar way, the U.S. has also implemented DCS-1900, another GSM system operating on the different carrier of 1.9 GHz.



[0008] Personal Digital Cellular (PDC) is the Japanese standard, previously known as JDC (Japanese Digital Cellular). A TDMA standard similar to the U.S. IS-54 protocol, PDC is not in use anywhere else in the world.

[0009] The GSM network utilizes a user identification module (UIM), a credit card size card owned by a subscriber, who slides the UIM into any GSM handset to transform it into "their" phone. It will ring when their unique phone number is dialed, calls made will be billed to their account, all options and services connect, voice mail can be connected, and so on. People with different UIMs can share one "physical" handset, turning it into several "virtual" handsets, one per UIM.

[0010] Similar to the U.S. systems, the GSM network also permits "roaming", by which different network operators agree to recognize (and accept) subscribers from other networks as phones (or UIMs) move. So, British subscribers can drive through France or Germany and use their GSM phone to make and receive calls (on their same UK number) with as much ease as an American businessman can use a phone in Boston, Miami, or Seattle within any one of the U.S. systems.

[0011] Regardless of the telephone communication system, when a subscriber places a call, his or her telephone indicates to the service provider the identity of the caller for billing purposes. The service provider must then "authenticate" the identity of the caller in order to ensure that he or she is an authorized user.

[0012] The GSM authentication scheme is illustrated in prior art Figures 1 and 2. This authentication scheme includes a home location register (HLR) 10, a visiting location register (VLR) 20, and a mobile terminal (MT) 30, which includes a UIM 32. When the mobile terminal 30 places a call, a request is sent to the home location register 10, which generates an authentication triplet (RAND, SRES, Kc) from a root key Ki. The triplet includes a random number RAND, a signed response SRES, and a session key Kc. The triplet is provided to the visiting location register 20, which passes the random number RAND to the mobile terminal 30. The UIM 32 receives the random number RAND and, utilizing the root key Ki, the random number RAND, and an algorithm A3, calculates a signed response SRES. The UIM 32 also utilizes the root key Ki, the random number RAND, and an algorithm A8 to calculate the session key Kc.

[0013] The SRES calculated by the UIM 32 is returned to the visiting location register 20, which compares this value with the SRES received from the home location register 10, in order to authenticate the subscriber using the mobile terminal 30.

[0014] In the GSM "challenge/response" authentication system, the visiting location register 20 never receives the root key Ki being held by the UIM 32 and the home location register 10. The VLR 20 also does not need to know the authentication algorithms used by the HLR 10 and UIM 32. Also, in the GSM authentication scheme, the triplet must be sent for every phone call by the home location register 10. RAND is 128 bits, SRES is 32 bits, and Kc is 64 bits, which is 224 bits of data for each request, which is a significant data load.

EP 0 955 783 A2

[0015] The IS-41 authentication scheme, used in U.S. TDMA, CDMA and AMPS systems, is illustrated in prior art Figures 3(a), 3(b) and 4. This authentication scheme involves a home location register (HLR) 40, a visiting location register (VLR) 50, and a mobile terminal (MT) 60, which includes a UIM 62. The root key, known as the A_key, is stored only in the HLR 40 and the UIM 62. There is a secondary key, known as Shared Secret Data (SSD), which is sent to the VLR 50 during roaming. SSD is generated from the A_key and a random seed RANDSSD using a cryptographic algorithm, as illustrated in Figure 3(a). In the IS-41 network, this algorithm is CAVE (Cellular Authentication and Voice Encryption). When the MT 60 roams to a visiting network, the VLR 50 sends an authentication request to the HLR 40, which responds by sending that subscriber's SSD.

[0016] Once the VLR 50 has the SSD, it can authenticate the MT 30 independently of the HLR 40, as illustrated in Figure 3(b). The VLR 50 sends a random number RAND to the UIM 62 via the MT 60, and the UIM 62 calculates the authentication response (AUTHR) using RAND and the stored value of SSD in UIM 62. AUTHR is returned to the VLR 50, which checks it against the value of AUTHR that it has independently calculated in the same manner. If the two AUTHR values match, the MT 60 is declared valid.

[0017] This scheme is efficient in two ways. One, the amount of data passed over the long-distance signaling link between the HLR 40 and the VLR 50 is very small (the 128-bit SSD), and one such transfer is sufficient for the entire registration period. Two, the VLR 50 may authenticate the user before assigning a traffic channel, which is possible because RAND can be generated locally and need not be generated by the HLR 40.

[0018] To generate encryption session keys, the internal state of the CAVE algorithm is preserved after the authentication calculation. Several levels of encryption keys are then calculated using the post-authentication state of CAVE and the current value of SSD, as illustrated in Fig. 4.

[0019] The goal of the International Mobile Telecommunications-2000 (IMT-2000) standards development effort is to provide a global telecommunications system which will support a phone subscription anywhere in the world and will also permit a subscriber to "roam globally". In order to realize this system, interfaces must be provided between the various systems (GSM, IS-41, PDC, etc.) which permit subscribers from different systems to "roam" into other systems. Currently such "global" roaming is unavailable. The International Telecommunication Union (ITU) is working to develop standards which allow global roaming, which will be accomplished with a standardized network-to-network interface (NNI) and UIM-MT interface, which must be capable of passing messages which permit proper authentication of the identity of each caller.

[0020] Several types of global roaming are permitted, including: removable UIMs, multi-mode terminals (terminals that can communicate with more than one air interface standard), and downloadable UIMs (terminals which receive service profile information over the air). All three roaming scenarios are equivalent for the purposes of the present invention. What matters is that a UIM from one network is visiting a network with a different authentication scheme, and the UIM must be authenticated using the security architecture of the local network.


Summary Of The Invention 

[0021] The present invention addresses the authentication problem by providing an authentication interoperability function (AIF) that permits the authentication of users as they roam between networks that use different authentication schemes. More specifically, interoperability is possible if one network uses stored authentication triplets and a second network uses shared secondary keys, also known as shared secret data (SSD).

[0022] An authentication interoperability function (AIF) translates between the authentication schemes of each family of communication networks (IS-41, GSM, PDC). The AIF may be located at the HLR (Home Location Register) or AC (Authentication Center) of the home network, the VLR (Visited Location Register) of the visited network, or as a stand-alone interworking function (IWF) located elsewhere in the network.

[0023] When a user from a network that natively uses SSD authentication roams into a triplet-based network, the AIF will produce triplets from the current SSD. When a triplet user roams into an SSD network, the AIF will produce SSD from triplet(s).

[0024] The AIF of the present application preserves the current authentication architecture in each communication network family (GSM, IS-41, PDC), concentrates the changes which make the two communication networks compatible in the AIF, the Network-to-Network Interface (NNI), and the User Identity Module (UIM), and preserves the current level of security in each system.

Brief Description Of The Drawings 

[0025]

Figure 1 is a block diagram illustrating the basic components of the prior art global system for mobiles (GSM) network;

Figure 2 is a prior art diagram of messages transmitted in the GSM network;

Figures 3(a) and 3(b) are block diagrams illustrating the basic components of the prior art IS-41 network;

Figure 4 illustrates the messages transmitted in the prior art IS-41 network illustrated in Figure 3;

Figure 5 is a block diagram of a generic communication system;

Figure 6 is a block diagram of a generic mobile telecommunication system;

Figure 7 is a block diagram illustrating how an IS-41 user roams into a GSM network;

Figure 8 illustrates how a GSM user roams into an IS-41 network;

Figure 9 illustrates the roaming IS-41 user in more detail;

Figure 10 illustrates the roaming GSM user in more detail; and

Figure 11 illustrates a general network interface.

Detailed Description Of The Invention 

[0026] The present invention discloses how to authenticate a global roamer in IMT-2000. An authentication interoperability function is provided that integrates the authentication architectures of GSM MAP and IS-41 MAP. In particular, an authentication interoperability function (AIF) translates between the authentication schemes of the two families (for example, IS-41 and GSM). When an IS-41 user roams into a GSM network, the AIF produces triplets from the current SSD. When a GSM user roams into an IS-41 network, the AIF produces SSD from a single triplet.

[0027] Figure 5 illustrates a basic communication system. A terminal 102 communicates with a network 104, which is connected to an authentication center 106. The network 104 is connected to a second network 114 via a Network-to-Network Interface (NNI) 222. The network 114 is connected to a terminal 116 and an authentication center 112.

[0028] A basic mobile communication system is illustrated in Figure 6.

[0029] In the embodiment illustrated in Figure 6, the home location register (HLR) 302 and visiting location register (VLR) 304 belong to the first network 218, and the home location register (HLR) 306 and visiting location register (VLR) 308 belong to the second network 220. When the first network and the second network utilize different authentication schemes for authenticating the user of mobile terminal 310 with UIM 312, a problem arises regarding how the user is authenticated. The present invention solves this problem by providing an authentication interoperability function, which translates between the authentication schemes of the two networks. The authentication interoperability function disclosed in the present application describes how to authenticate a "global" roamer, such as within IMT-2000. This authentication interoperability function integrates the authentication architectures of two networks which utilize different authentication schemes, such as the GSM network and the IS-41 network. A more detailed illustration of the network elements utilized in the GSM network and the IS-41 network is given in Figures 7 and 8.

[0030] Figure 7 illustrates that the first network 218 is a GSM network. This network includes a home location register 302, a visiting location register 304, and a mobile terminal 310 with UIM 312. The second network 220 is an IS-41 network which includes a home location register 306, a visiting location register 308, and a mobile terminal 311 with UIM 312. The authentication interoperability function 314 is utilized when the user of UIM 312 roams to another system, such as the GSM network, as illustrated in Figure 7.

[0031] Figure 8 illustrates the converse situation, where a user from the GSM network roams to the IS-41 network.


IS-41 User Roaming in a GSM Network 

[0032] When an IS-41 user roams to a GSM network, the AIF 314 generates an authentication triplet from SSD. As illustrated in Figure 9, the HLR 306 sends the currently stored SSD to the AIF 314, which uses the SSD to generate a triplet, which is sent to VLR 304. Then, the VLR 304 authenticates the UIM 312 by sending RAND to the UIM 312 via the MT 310. The UIM 312 generates SRES and Kc with RAND and SSD and sends SRES and Kc to the MT 310. The MT 310 sends SRES to the VLR 304, which compares this SRES with the SRES received from the AIF 314 to authenticate the user. The GSM VLR 304 sends a request for triplets across the Network-to-Network Interface (NNI) 222 to the AIF 314 via a registration notification message (NNI REGNOT). The AIF 314 retrieves the user's SSD from the IS-41 HLR 306 and uses it to calculate triplets (RAND, SRES, Kc). The triplets are sent to the GSM VLR 304 via the response message NNI REGNOT. The AIF 314 is equipped with CAVE (or the current authentication algorithm in the IS-41 network's Common Cryptographic Algorithms (CCA)), which will be used to generate the triplets. Due to the triplet concept, the GSM architecture does not need to know the authentication algorithm; the algorithm only resides in the UIM 312 and the IS-41 HLR 306. In other words, the GSM VLR 304 does not need to have CAVE.

[0033] The sizes of the challenge and response parameters differ between the IS-41 and the GSM networks. To generate a GSM authentication pair from an IS-41 SSD, the size conversion is performed at the AIF 314; in particular, the AIF 314 generates a 32-bit RAND and calculates an 18-bit authentication response AUTHR using the CAVE algorithm with the 32-bit RAND, a 64-bit SSD_A, an identity value, and the authentication data AUTH_DATA. The AIF 314 also generates a 128-bit RAND from the 32-bit RAND and generates a 32-bit SRES from the 18-bit AUTHR by padding on the left with zeros or dummy values.

[0034] Normally, during authentication of an IS-41 call origination, the dialed digits are used as the authentication data AUTH_DATA, which provides protection against replay of a global challenge. This is not done in the GSM network because the triplet might be calculated in advance, when the dialed digits are not known. In addition, a triplet is only used once; therefore there is less danger of a replay attack. Therefore, when generating a GSM triplet from SSD, AUTH_DATA is set to the international mobile subscriber identity (IMSI), as it is during a unique challenge.

[0035] The third parameter of the GSM triplet, after RAND and SRES, is the ciphering key Kc. CMEA_KEY, the 64-bit root encryption and voice privacy key, is used for this purpose. CMEA_KEY is generated by the AIF 314 as defined in the IS-41 CCA as:

Kc_64 = CMEA_KEY_64 = CAVE(SSD_B, AUTH_STATE),

where AUTH_STATE is the state of the internal registers of CAVE after the calculation of the authentication response.

[0036] Once Kc is determined, the triplet is complete and is sent to the GSM VLR 304 via the IS-41 HLR (306) and AIF 314 in the NNI REGNOT response message as:

NNI REGNOT [RAND_128, SRES_32, Kc_64].
[0037] Once the GSM VLR 304 receives the triplet, authentication of the IS-41 phone proceeds as usual, except that the UIM 312 calculates the authentication parameters using CAVE. This process is transparent to the GSM network 218 and is conventionally performed in accordance with the standards set forth by ETSI, such that the following messages are created and exchanged:

VLR 304 -> MT 310: RIL3-MM AUT-REQ [RAND_128];

MT 310 -> UIM 312: UIM AUTHREQ [RAND_128];

UIM 312: extracts RAND_32 from RAND_128;

UIM 312: AUTHR_18 = CAVE(RAND_32, SSD_A_64, [Identity], AUTH_DATA);

UIM 312: SRES_32 = AUTHR_18 padded on the left with 0 or random dummy bits;

UIM 312: Kc = CMEA_KEY_64 = CAVE(SSD_B, AUTH_STATE);

UIM 312 -> MT 310: UIM authreq [SRES_32, Kc];

MT 310: stores Kc for ciphering;

MT 310 -> VLR 304: RIL3-MM AUT-RESP [SRES_32].

[0038] The UIM 312 uses the 128-bit authentication challenge (RAND_128) as a parameter and provides a 32-bit authentication response (SRES) and a 64-bit ciphering key (Kc).


GSM User Roaming in an IS-41 Network 

[0039] When a GSM user roams in an IS-41 network, the goal is to create Shared Secret Data (SSD) between the IS-41 VLR 308 and the UIM 312 within the mobile terminal 310. As illustrated in more detail in Figure 10, two triplets are sent from the HLR 302 to the AIF 314, which uses them to generate SSD update parameters, which are sent to the VLR 308. The VLR 308 sends RANDGSM_A and RANDGSM_B to the UIM 312 via the MT 311. The UIM 312 uses RANDGSM_A and RANDGSM_B to calculate Kc_A and Kc_B, which are stored as the new value of SSD. Thereafter, for each system access, the VLR 308 authenticates the UIM 312 independently of the HLR 302,

[0040] using SSD, according to the authentication procedure defined in IS-41.

[0041] The idea is to use triplets to generate the parameters required to perform an SSD update. The result is that the IS-41 VLR 308 shares a key (SSD) with the UIM 312 of the roaming GSM user. Subsequently, for each system access, the key can be used with any authentication algorithm common between the UIM 312 and the IS-41 VLR 308.

[0042] Upon detecting a registration attempt from a GSM user, the IS-41 VLR 308 alerts the AIF 314 with a registration notification (NNI REGNOT) message. The AIF 314 then requests two triplets from the GSM HLR 302 of the GSM user. This process is transparent to the GSM network 218 and is done in accordance with the standards set forth by ETSI, such that the following messages are created by the HLR 302 and exchanged with the AIF 314:

HLR 302: Generate 128-bit RANDGSM_A, RANDGSM_B;

HLR 302: Kc_A = A8(RANDGSM_A, Ki);

HLR 302: Kc_B = A8(RANDGSM_B, Ki);

HLR 302 -> AIF 314: (RANDGSM_A, SRES, Kc_A), (RANDGSM_B, SRES, Kc_B);

[0043] The AIF 314 sends the SSD Update parameters back to the IS-41 VLR 308 in the response to the registration notification message (NNI REGNOT):

AIF 314: NewSSDInfo = (Kc_A, Kc_B);

AIF 314 -> VLR 308: NNI regnot [RANDGSM_A, RANDGSM_B, NewSSDInfo].

NewSSDInfo has two parts: NewSSD_A = Kc_A and NewSSD_B = Kc_B.

[0044] The IS-41 VLR 308 performs a modified SSD Update procedure with the MT 310 (via the IS-41 AUTHDIR message; note that this requires the air interface to carry the 128-bit RANDGSM parameters) after inserting the parameters RANDU and AUTHU. These two parameters are used during the unique challenge which is performed after the SSD Update. Note that this may require changes to IS-41 to allow for the larger (128-bit) RANDGSM parameters to be passed. The following messages are then created and exchanged:

VLR 308: Generate random challenge RANDU;

VLR 308: AUTHU = CAVE(RANDU, NewSSD_A, [Identity]);

VLR 308 -> MT 310: SSD_UPDATE_GSM [RANDGSM_A, RANDGSM_B].

[0045] The MT 310 passes the parameters to the UIM 312 (in the proposed message UIM UpdateSSD), which calculates the new SSD:

MT 310 -> UIM 312: UIM UpdateSSD [RANDGSM_A, RANDGSM_B];

UIM 312: SSD_A = A8(RANDGSM_A, Ki);

UIM 312: SSD_B = A8(RANDGSM_B, Ki);

UIM 312: NewSSD = (SSD_A, SSD_B);

[0046] Shared secret data now exists between the IS-41 VLR 308 and the GSM UIM 312. For the rest of the registration period, the UIM 312 uses SSD_A rather than Ki to calculate authentication parameters. Similarly, ciphering keys are calculated with the secret SSD_B.
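Both AIF conversions, SSD to triplet ([0033]-[0038]) and triplets to SSD ([0042]-[0046]), as an added Python model that is not part of the patent. CAVE and A8 are stand-ins built from HMAC-SHA256 truncated to the stated widths (an assumption, the real algorithms are not reproduced), the IMSI and keys are constructed samples, and the placement of the 32-bit RAND inside the 128-bit RAND is an assumption; the parameter sizes, the left padding of AUTHR into SRES, and the messages on each side follow the text.

```python
import hashlib
import hmac
import secrets

# CAVE and A8 are NOT reproduced: both are replaced by HMAC-SHA256 truncated
# to the bit widths the patent specifies (an assumption). Sizes and flow only.

def _prf(key: bytes, data: bytes, bits: int) -> int:
    """Keyed PRF stand-in: the top `bits` bits of HMAC-SHA256(key, data)."""
    digest = hmac.new(key, data, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def cave_authr(rand32: int, ssd_a: bytes, identity: bytes, auth_data: bytes):
    """IS-41 CAVE stand-in: returns (AUTHR_18, AUTH_STATE). AUTH_STATE models
    the internal CAVE registers after the authentication calculation."""
    data = rand32.to_bytes(4, "big") + identity + auth_data
    auth_state = hmac.new(ssd_a, data, hashlib.sha256).digest()
    return int.from_bytes(auth_state, "big") >> (256 - 18), auth_state

def cmea_key(ssd_b: bytes, auth_state: bytes) -> bytes:
    """Kc_64 = CMEA_KEY_64 = CAVE(SSD_B, AUTH_STATE)."""
    return _prf(ssd_b, auth_state, 64).to_bytes(8, "big")

def a8(rand128: bytes, ki: bytes) -> bytes:
    """GSM A8 stand-in: 64-bit Kc from a 128-bit RAND and the root key Ki."""
    return _prf(ki, rand128, 64).to_bytes(8, "big")

# ---- IS-41 user roaming in a GSM network: SSD -> triplet ([0033]-[0038]) ----

def embed_rand(rand32: int, filler96: int) -> bytes:
    """RAND_128 carrying RAND_32 in its low 32 bits (placement is an assumption;
    the patent only says the 128-bit RAND is generated from the 32-bit one)."""
    return ((filler96 << 32) | rand32).to_bytes(16, "big")

def extract_rand32(rand128: bytes) -> int:
    """UIM side of embed_rand: recover RAND_32 from RAND_128."""
    return int.from_bytes(rand128, "big") & 0xFFFFFFFF

def pad_sres(authr18: int) -> int:
    """SRES_32 = AUTHR_18 padded on the left with zeros (14 high bits are 0).
    Zero padding, not random dummy bits, so that the AIF and the UIM agree."""
    return authr18 & 0x3FFFF

def aif_triplet_from_ssd(ssd_a: bytes, ssd_b: bytes, imsi: bytes,
                         rand32: int, filler96: int):
    """AIF 314: (RAND_128, SRES_32, Kc_64) from SSD. AUTH_DATA is the IMSI,
    as during a unique challenge ([0034]); Identity is the IMSI as well."""
    authr, state = cave_authr(rand32, ssd_a, imsi, imsi)
    return embed_rand(rand32, filler96), pad_sres(authr), cmea_key(ssd_b, state)

def uim_gsm_authreq(rand128: bytes, ssd_a: bytes, ssd_b: bytes, imsi: bytes):
    """UIM 312 answering UIM AUTHREQ [RAND_128] with CAVE: (SRES_32, Kc)."""
    authr, state = cave_authr(extract_rand32(rand128), ssd_a, imsi, imsi)
    return pad_sres(authr), cmea_key(ssd_b, state)

def vlr_compare_sres(expected: int, received: int) -> bool:
    """GSM VLR 304: constant-time comparison of the two 32-bit SRES values."""
    return hmac.compare_digest(expected.to_bytes(4, "big"),
                               received.to_bytes(4, "big"))

# ---- GSM user roaming in an IS-41 network: triplets -> SSD ([0042]-[0046]) ----

def hlr_two_triplets(ki: bytes, randgsm_a: bytes, randgsm_b: bytes):
    """GSM HLR 302: two (RANDGSM, Kc) pairs; SRES is unused by the SSD update."""
    return (randgsm_a, a8(randgsm_a, ki)), (randgsm_b, a8(randgsm_b, ki))

def aif_ssd_update_params(triplet_a, triplet_b):
    """AIF 314: NewSSDInfo = (Kc_A, Kc_B); NewSSD_A = Kc_A, NewSSD_B = Kc_B."""
    (randgsm_a, kc_a), (randgsm_b, kc_b) = triplet_a, triplet_b
    return randgsm_a, randgsm_b, {"NewSSD_A": kc_a, "NewSSD_B": kc_b}

def uim_update_ssd(randgsm_a: bytes, randgsm_b: bytes, ki: bytes) -> dict:
    """UIM 312 handling UIM UpdateSSD: the same SSD, derived with A8 and Ki."""
    return {"SSD_A": a8(randgsm_a, ki), "SSD_B": a8(randgsm_b, ki)}

def unique_challenge_authu(randu: int, ssd_a: bytes, identity: bytes) -> int:
    """AUTHU = CAVE(RANDU, SSD_A, [Identity]), computed identically by VLR 308
    (with NewSSD_A) and by the UIM (with its freshly derived SSD_A)."""
    return cave_authr(randu, ssd_a, identity, identity)[0]

def demo() -> tuple:
    """Constructed end-to-end run of both directions; returns the two verdicts."""
    imsi = b"001010123456789"                      # constructed test IMSI
    ssd_a, ssd_b = secrets.token_bytes(8), secrets.token_bytes(8)
    rand128, sres, kc = aif_triplet_from_ssd(
        ssd_a, ssd_b, imsi, secrets.randbits(32), secrets.randbits(96))
    uim_sres, uim_kc = uim_gsm_authreq(rand128, ssd_a, ssd_b, imsi)
    is41_in_gsm = vlr_compare_sres(sres, uim_sres) and uim_kc == kc
    ki = secrets.token_bytes(16)                   # constructed GSM root key
    ta, tb = hlr_two_triplets(ki, secrets.token_bytes(16), secrets.token_bytes(16))
    ra, rb, new_ssd = aif_ssd_update_params(ta, tb)
    uim_ssd = uim_update_ssd(ra, rb, ki)
    randu = secrets.randbits(32)
    gsm_in_is41 = (unique_challenge_authu(randu, new_ssd["NewSSD_A"], imsi)
                   == unique_challenge_authu(randu, uim_ssd["SSD_A"], imsi))
    return is41_in_gsm, gsm_in_is41

if __name__ == "__main__":
    print(demo())   # (True, True)
```

Because the VLR compares the full 32-bit SRES, the AIF and the UIM must pad AUTHR identically; the model uses zeros, since dummy bits chosen independently on each side would never match.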

A Common Authentication Algorithm 

[0047] There is now a secret key shared between the IS-41 VLR 308 and the UIM 312. In order for the VLR 308 to perform authentication and session key generation with the mobile terminal 310, there also needs to be a common cryptographic algorithm shared between the two entities. This algorithm could be CAVE, A3/A8, or any other authentication or key generation algorithm.

[0048] If the changes are to be isolated in the UIM 312, CAVE is inserted into the UIM 312 along with the algorithm A3. When in a native GSM network, A3 is used with the root key Ki. When roaming into an IS-41 network, CAVE is used with the SSD as described above.

[0049] If the changes are to be isolated in the IS-41 network, the algorithm A3 is included in the IS-41 network. The IS-41 VLR 308 would then use CAVE to authenticate native IS-41 phones, and A3 to authenticate GSM roamers.

Interoperability with PDC

[0050] The Japanese PDC signaling MAP uses an authentication scheme that is very close to a triplet-based architecture. When roaming users register in a visited network, there are two versions of the Inter-Network Authentication Information Retrieval Message which is sent from the home network to the visited network. One version simply sends the Subscriber Authentication Key. The other version sends the Authentication Information List, which contains the random number, signed response, and the ciphering key, i.e., it is an authentication triplet. Therefore, PDC is equivalent to GSM in terms of interoperability with an SSD-based network like IS-41. Since both PDC and GSM networks use a triplet-based architecture, interworking between them is relatively easy. However, there is an incompatibility issue regarding the size of the signed response parameter, which is 32 bits in GSM and 64 bits in PDC. One solution is to simply disregard 32 bits of the response returned by the PDC UIM when a PDC user roams to a GSM network. This provides 32 bits less security than PDC users are accustomed to.

Security 

[0051] The authentication interoperability function discussed above is designed to preserve the level of security currently enjoyed by each system, in the example above, the GSM and IS-41 networks.

[0052] IS-41 users are currently authenticated with 32-bit challenges and 18-bit responses. The level of security does not change when these parameters are embedded in larger size fields within a GSM triplet.

[0053] GSM users are currently authenticated with 128-bit challenges and 32-bit responses. Authentication of GSM users while roaming in an IS-41 network is done with IS-41 size security parameters, which have fewer bits of real security (18-bit AUTHR vs. 32-bit SRES). However, the security of GSM users at home within their own system is not lessened. In addition, the security of the root key Ki is not compromised when roaming in an IS-41 network because: a) SSD_A is used in place of Ki, and b) the difficulty of walking back to the root key from a challenge/response pair in IS-41 is (size of key - size of AUTHR) = 64 - 18 = 46 bits, which is more secure than in GSM, where each challenge/response pair observed shrinks the keyspace to 64 - 32 = 32 bits.
[0054] One important impact on IS-41 users is that there is no way to do SSD Update when roaming in a GSM network. If the current SSD is compromised or corrupt, there is nothing that can be done until the user roams back into an IS-41 network. Additionally, this implies that the user cannot activate the subscription (access the network for the first time) while roaming in a GSM network, because no SSD is yet available.

[0055] GSM triplets are currently used only for a single call. In this authentication interoperability function, when a GSM user roams into an IS-41 network, a single triplet is converted into SSD_A, which persists for many calls.

[0056] However, SSD_A is 64 bits long, which provides twice the bits of security of the 32-bit SRES in a triplet. The level of security cannot be more than 64 bits anyway, since everything is generated from the 64-bit root key Ki. On the other hand, authentication is now dependent on A8, which is used to generate SSD_A. The security implications of this are not known.

[0057] Regarding export regulations, the ciphering keys described in this application are 64-bit numbers. However, this can always be lessened to conform to government restrictions. In fact, the UIM AUTHREQ message could be designed with an additional parameter which dictates the size of the ciphering key. This way, longer keys can be used domestically while still providing the capability to roam into global markets that have shorter key sizes.

[0058] Although the description above discusses roaming between the GSM network and the IS-41 network, the AIF 314 of the present invention facilitates communication between any stored challenge/response pair authentication network and any primary key/shared secondary key authentication network. In particular, as illustrated in Figure 11, the first network 218 includes an authentication data base 402 and an intermediary 404. Similarly, the second network 220 includes an authentication data base 406 and an intermediary 408. The AIF 314 of the present invention enables user 410 to roam between the first network 218 and the second network 220, as described above. Additionally, although Figures 7-11 illustrate the AIF 314 as a stand-alone network entity, the functions implemented by the AIF 314 may be built into any one or more of the HLR 302, VLR 304, HLR 306, or VLR 308 of Figures 7-10 or any one or more of the authentication data base 402, intermediary 404, authentication data base 406, or intermediary 408 of Figure 11.



Claims 

1. An authentication interoperability function for facili- 
tating authentication of a user from a first network 
when the user is in a second network, having a different authentication scheme from the first network, said authentication interoperability function receiving a challenge/response pair from an authentication data base in the first network, creating a secondary key from the challenge/response pair, and sending the secondary key to an intermediary in the second network to authenticate the user from the first network.

2. The authentication interoperability function of claim 1, wherein the user is a mobile telephone subscriber.

3. The authentication interoperability function of claim 1, wherein the first network is a Global System for Mobiles (GSM) network, the second network is an IS-41 network, the intermediary is a visiting location register in the IS-41 network, and the authentication data base is a home location register in the GSM network.

4. The authentication interoperability function of claim 3, wherein the authentication interoperability function is colocated with the home location register in the GSM network.

5. The authentication interoperability function of claim 3, wherein the authentication interoperability function is colocated with the visiting location register in the IS-41 network.

6. The authentication interoperability function of claim 3, wherein the authentication interoperability function is a stand alone network entity.

7. The authentication interoperability function of claim 1, wherein an authentication scheme of the first network is a stored challenge/response pair authentication scheme and an authentication scheme of the second network is a primary key/shared secondary key authentication scheme.

8. An authentication interoperability function for facilitating authentication of a user from a first network when the user is in a second network, having a different authentication scheme from the first network, said authentication interoperability function receiving a secondary key from an authentication data base in the first network, creating a challenge/response pair from the secondary key, and sending the challenge/response pair to an intermediary in the second network to authenticate the user from the first network.

9. The authentication interoperability function of claim 8, wherein the user is a mobile telephone subscriber.

10. The authentication interoperability function of claim 8, wherein the first network is an IS-41 network, the second network is a Global System for Mobiles (GSM) network, the intermediary is a visiting location register in the GSM network, and the authentication data base is a home location register in the IS-41 network.

11. The authentication interoperability function of claim 10, wherein the authentication interoperability function is colocated with the home location register in the IS-41 network.

12. The authentication interoperability function of claim 10, wherein the authentication interoperability function is colocated with the visiting location register in the GSM network.

13. The authentication interoperability function of claim 10, wherein the authentication interoperability function is a stand alone network entity.

14. The authentication interoperability function of claim 8, wherein an authentication scheme of the first network is a primary key/shared secondary key authentication scheme and an authentication scheme of the second network is a stored challenge/response pair authentication scheme.
15. A method of authenticating a user from a first network when the user is in a second network, having a different authentication scheme from the first network, said method comprising the steps of:

receiving a challenge/response pair from an authentication data base in the first network;

generating a key from the challenge/response pair; and

authenticating the user based on the key.

16. The method of claim 15, wherein the key is a secondary key generated from a primary key.

17. The method of claim 15, wherein the user is a mobile telephone subscriber.

18. The method of claim 15, wherein the first network is a Global System for Mobiles (GSM) network, the second network is an IS-41 network, and the authentication data base is a home location register in the GSM network.

19. The method of claim 15, wherein an authentication scheme of the first network is a stored challenge/response pair authentication scheme and an authentication scheme of the second network is a primary key/shared secondary key authentication scheme.

20. A method for authenticating a user from a first network when the user is in a second network, having a different authentication scheme from the first network, said method comprising the steps of:

generating a challenge/response pair from a key;

transmitting the challenge/response pair to an intermediary in the first network;

authenticating the user based on the challenge/response pair.

21. The method of claim 20, wherein the key is a secondary key generated from a primary key.

22. The method of claim 20, wherein the user is a mobile telephone subscriber.

23. The method of claim 20, wherein the first network is an IS-41 network, the second network is a Global System for Mobiles (GSM) network and the authentication data base is a home location register in the IS-41 network.

24. The method of claim 20, wherein an authentication scheme of the first network is a stored challenge/response pair authentication scheme and an authentication scheme of the second network is a primary key/shared secondary key authentication scheme.

25. An interface for authenticating a user from a first network when the user is in a second network, having a different authentication scheme from the first network, said interface comprising:

a message containing a challenge/response pair from an authentication data base in the first network to an intermediary in the second network.

26. The interface of claim 25, wherein the user is a mobile telephone subscriber.

27. The interface of claim 25, wherein the first network is a Global System for Mobiles (GSM) network, the second network is an IS-41 network, the authentication data base is a home location register in the GSM network, and the intermediary is a visiting location register in the IS-41 network.

28. The interface of claim 25, wherein an authentication scheme of the first network is a stored challenge/response pair authentication scheme and an authentication scheme of the second network is a primary key/shared secondary key authentication scheme.

29. The interface of claim 25, wherein the first network is an IS-41 network, the second network is a Global System for Mobiles (GSM) network, the authentication data base is a home location register in the IS-41 network, and the intermediary is a visiting location register in the GSM network.

30. The interface of claim 25, wherein an authentication scheme of the first network is a primary key/shared secondary key authentication scheme and an authentication scheme of the second network is a stored challenge/response pair authentication scheme.

31. An interface for authenticating a user from a first network when the user is in a second network, having a different authentication scheme from the first network, said interface comprising:

a message containing a challenge from an intermediary in the first network to the user and a response from the user to the intermediary in the first network.

32. The interface of claim 31, wherein the user is a user identity module (UIM) of a mobile telephone and the intermediary is a visiting location register.

33. The interface of claim 32, wherein the first network is an IS-41 network and the second network is a Global System for Mobiles (GSM) network.

34. The interface of claim 32, wherein the first network is a Global System for Mobiles (GSM) network and the second network is an IS-41 network.

35. The interface of claim 31, wherein the message further contains a random number challenge from the intermediary in the first network to the user from which the user can generate a key.

36. The interface of claim 35, wherein the user is a user identity module (UIM) of a mobile telephone and the intermediary is a visiting location register.

37. The interface of claim 35, wherein the first network is an IS-41 network and the second network is a Global System for Mobiles (GSM) network.

38. The interface of claim 35, wherein the first network is a Global System for Mobiles (GSM) network and the second network is an IS-41 network.

39. An intermediary for authenticating a user from a first network when the user is in a second network, having a different authentication scheme from the first network, said intermediary comprising:

a receiving element for receiving a challenge/response pair from an authentication data base in the first network;

a generating element for generating a key from the challenge/response pair;

an authenticating element for authenticating the user based on the key.

40. The method of claim 39, wherein the key is a secondary key generated from a primary key.

41. The method of claim 39, wherein the user is a mobile telephone subscriber.

42. The intermediary of claim 39, wherein the first network is a Global System for Mobiles (GSM) network, the second network is an IS-41 network, the authentication data base in the first network is a home location register in the GSM network, and the intermediary is a visiting location register in the IS-41 network.

43. The method of claim 39, wherein an authentication scheme of the first network is a stored challenge/response pair authentication scheme and an authentication scheme of the second network is a primary key/shared secondary key authentication scheme.

44. An authentication data base for facilitating authentication of a user from a first network when the user is in a second network, having a different authentication scheme from the first network, said location register comprising:

a generating element for generating a challenge/response pair from a key;

a transmitting element for transmitting the challenge/response pair to an intermediary in the first network which authenticates the user based on the challenge/response pair.

45. The authentication data base of claim 44, wherein the key is a secondary key generated from a primary key.

46. The authentication data base of claim 44, wherein the user is a mobile telephone subscriber.

47. The authentication data base of claim 44, wherein the first network is a Global System for Mobiles (GSM) network, the second network is an IS-41 network, the intermediary in the first network is a visiting location register in the GSM network, and the authentication data base is a home location register in the IS-41 network.

48. The method of claim 44, wherein an authentication scheme of the first network is a stored challenge/response pair authentication scheme and an authentication scheme of the second network is a primary key/shared secondary key authentication scheme.

49. An intermediary for authenticating a user from a first network when the user is in a second network, having a different authentication scheme from the first network, said intermediary comprising:

a receiving element for receiving a challenge/response pair from an authentication data base in the second network, which generated the challenge/response pair from a key; and

an authenticating element for authenticating the user based on the challenge/response pair.

50. The method of claim 49, wherein the key is a secondary key generated from a primary key.

51. The method of claim 49, wherein the user is a mobile telephone subscriber.

52. The intermediary of claim 49, wherein the first network is a Global System for Mobiles (GSM) network, the second network is an IS-41 network, the authentication data base is a home location register in the IS-41 network, and the intermediary is a visiting location register in the GSM network.

53. The method of claim 49, wherein an authentication scheme of the first network is a stored challenge/response pair authentication scheme and an authentication scheme of the second network is a primary key/shared secondary key authentication scheme.

54. An authentication data base for facilitating authentication of a user from a first network when the user is in a second network, having a different authentication scheme from the first network, said location register comprising:

a generating element for generating a key from a challenge/response pair;

a transmitting element for transmitting the key to an intermediary in the second network which authenticates the user based on the key.

55. The authentication data base of claim 54, wherein the key is a secondary key generated from a primary key.

56. The authentication data base of claim 54, wherein the user is a mobile telephone subscriber.

57. The authentication data base of claim 54, wherein the first network is a Global System for Mobiles (GSM) network, the second network is an IS-41 network, the intermediary is a visiting location register in the IS-41 network, and the authentication data base is a home location register in the GSM network.

58. The authentication data base of claim 54, wherein an authentication scheme of the first network is a stored challenge/response pair authentication scheme and an authentication scheme of the second network is a primary key/shared secondary key authentication scheme.
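The following is an added illustration, not part of the patent or of any implementation of it: a Python model of the two translation directions the claims describe (a stored challenge/response pair turned into a secondary key for the visited network, as in claims 1, 15 and 44, and a secondary key turned into a challenge/response pair, as in claims 8, 20 and 54), with the intermediary relaying the challenge so the user identity module can regenerate the key (claim 35). The claims do not name the derivation or response functions, so HMAC-SHA256 stands in for them (an assumption), and every key and challenge is a constructed sample value.

```python
import hashlib
import hmac
import os

def mac(key: bytes, data: bytes) -> bytes:
    # Stand-in for the networks' native algorithms, which the claims do not name (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

# Direction of claims 1, 15 and 44: stored challenge/response pair -> secondary key.
def home_make_pair(primary_key: bytes, rand: bytes) -> tuple:
    """Authentication data base (home location register) issues a pair; the primary key stays home."""
    return rand, mac(primary_key, rand)

def aif_key_from_pair(rand: bytes, response: bytes) -> bytes:
    """AIF derives the secondary key that is handed to the visited intermediary (VLR)."""
    return mac(response, b"secondary-key" + rand)

def uim_key_from_challenge(primary_key: bytes, rand: bytes) -> bytes:
    """UIM re-derives the same secondary key from the relayed challenge (claim 35)."""
    return aif_key_from_pair(rand, mac(primary_key, rand))

# Direction of claims 8, 20 and 54: secondary key -> challenge/response pair.
def aif_pair_from_key(secondary_key: bytes, rand: bytes) -> tuple:
    """AIF produces a pair the visited intermediary can check without holding the key."""
    return rand, mac(secondary_key, rand)

def vlr_authenticate(expected: bytes, user_response: bytes) -> bool:
    """Intermediary (visiting location register) compares expected and received responses."""
    return hmac.compare_digest(expected, user_response)

def roam_pair_user_into_key_network(home_key: bytes, uim_key: bytes) -> bool:
    """Full exchange: a pair-scheme subscriber visits a key-scheme network."""
    rand, sres = home_make_pair(home_key, os.urandom(16))
    ssd = aif_key_from_pair(rand, sres)              # AIF -> visited VLR
    rand_u = os.urandom(16)                          # VLR's own challenge to the user
    uim_ssd = uim_key_from_challenge(uim_key, rand)  # VLR relays rand so the UIM can derive the key
    return vlr_authenticate(mac(ssd, rand_u), mac(uim_ssd, rand_u))

def roam_key_user_into_pair_network(home_ssd: bytes, uim_ssd: bytes) -> bool:
    """Full exchange: a key-scheme subscriber visits a pair-scheme network."""
    rand, expected = aif_pair_from_key(home_ssd, os.urandom(16))  # AIF -> visited VLR
    return vlr_authenticate(expected, mac(uim_ssd, rand))         # UIM answers the relayed rand
```

In both directions only derived material (a pair or a secondary key) crosses the inter-system boundary; the primary key never leaves the home authentication data base.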